EP1788811B1 - A method for obtaining user's on-line information - Google Patents

Publication number
EP1788811B1
EP1788811B1 EP05772524A EP05772524A EP1788811B1 EP 1788811 B1 EP1788811 B1 EP 1788811B1 EP 05772524 A EP05772524 A EP 05772524A EP 05772524 A EP05772524 A EP 05772524A EP 1788811 B1 EP1788811 B1 EP 1788811B1
Authority
EP
European Patent Office
Prior art keywords
subscriber terminal
authentication
subscriber
head end
line
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
EP05772524A
Other languages
German (de)
French (fr)
Other versions
EP1788811A1 (en)
EP1788811A4 (en)
Inventor
Jinming Liu
Degang Ju
Jun Yao
Yonghong Xu
Junling Hu
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Application filed by Huawei Technologies Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N7/00 Television systems
    • H04N7/16 Analogue secrecy systems; Analogue subscription systems
    • H04N7/173 Analogue secrecy systems; Analogue subscription systems with two-way working, e.g. subscriber sending a programme selection signal
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00 Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20 Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/25 Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
    • H04N21/258 Client or end-user data management, e.g. managing client capabilities, user preferences or demographics, processing of multiple end-users preferences to derive collaborative data
    • H04N21/25808 Management of client data
    • H04N21/25816 Management of client data involving client authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00 Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40 Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/41 Structure of client; Structure of client peripherals
    • H04N21/418 External card to be used in combination with the client device, e.g. for conditional access
    • H04N21/4181 External card to be used in combination with the client device, e.g. for conditional access for conditional access
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00 Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/60 Network structure or processes for video distribution between server and client or between remote clients; Control signalling between clients, server and network components; Transmission of management data between server and client, e.g. sending from server to client commands for recording incoming content stream; Communication details between server and client
    • H04N21/63 Control signaling related to video distribution between client, server and network components; Network processes for video distribution between server and clients or between remote clients, e.g. transmitting basic layer and enhancement layers over different transmission paths, setting up a peer-to-peer communication via Internet between remote STB's; Communication protocols; Addressing
    • H04N21/633 Control signals issued by server directed to the network components or client
    • H04N21/6332 Control signals issued by server directed to the network components or client directed to client
    • H04N21/6334 Control signals issued by server directed to the network components or client directed to client for authorisation, e.g. by transmitting a key
    • H04N21/63345 Control signals issued by server directed to the network components or client directed to client for authorisation, e.g. by transmitting a key by transmitting keys
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N7/00 Television systems
    • H04N7/16 Analogue secrecy systems; Analogue subscription systems
    • H04N7/167 Systems rendering the television signal unintelligible and subsequently intelligible
    • H04N7/1675 Providing digital key or authorisation information for generation or regeneration of the scrambling sequence

Definitions

  • the present invention relates to the field of digital television (DTV), specifically to a method for acquiring on-line information of subscribers in a DTV network.
  • DTV digital television
  • the DTV network includes a DTV head end (simply referred to as head end) and several subscriber terminals.
  • the head end transmits encrypted DTV programs through a broadcasting network to each subscriber terminal respectively, which receives signals via a set top box (STB), then decrypts the DTV programs using a key in a subscriber identification module of the subscriber terminal, and eventually plays the programs by a television set.
  • STB set top box
  • the most common subscriber identification module is a smart card, and the information of the key has been set into the smart card when the subscriber buys it.
  • the disclosed DTV network is a unidirectional network. However, with the enrichment of DTV services, the DTV network tends to be a bidirectional network so as to support interactive services. There is a reference model of DTV network with interactive function defined in digital video broadcasting (DVB) standard.
  • DVB digital video broadcasting
  • FIG. 1 is a schematic diagram illustrating a reference model of DTV network with interactive function defined by DVB standard.
  • a head end 1 includes a broadcasting service module 11 for sending DTV program data and an interactive service module 12 for establishing bidirectional interaction between a subscriber terminal 2 and the head end 1.
  • An STB 21 of the subscriber terminal 2 includes a broadcasting interface 211 for receiving DTV program data and interactive interface 212 for establishing bidirectional interaction between the subscriber terminal 2 and the head end 1.
  • the broadcasting service module 11 sends encrypted DTV programs through a broadcasting network 3, and these signals are received by the broadcasting interface 211 of the STB 21 to enable the subscriber to watch the DTV programs.
  • the broadcasting network 3 includes a channel for transmitting and receiving the DTV programs (referred to as broadcasting channel).
  • the broadcasting channel establishes unidirectional data transmission between the head end 1 and each subscriber terminal 2, and has been provided in the unidirectional DTV network.
  • the interactive service module 12 is connected to the STB 21 of the subscriber terminal 2 through an interactive network 4, establishing a bidirectional interactive channel between the head end 1 and each subscriber terminal 2.
  • the bidirectional interactive channel includes a backward interactive channel and a forward interactive channel.
  • the backward interactive channel refers to a channel from the subscriber terminal 2 to the head end 1, for enabling the subscriber to transmit a request or return a response.
  • the forward interactive channel refers to a channel from the head end 1 to the subscriber terminal 2, for transmitting the operator's data or responding to the subscriber's request.
  • This forward interactive channel may be embedded into the broadcasting network 3.
  • the bidirectional interactive DTV network is constructed by adding a bidirectional interactive channel into a unidirectional DTV network.
  • the function is implemented in the prior art by using a subscriber identification module (e.g. smart card) of a legal subscriber.
  • When this smart card is connected to STB 21, a key in the smart card is read and encrypted DTV programs are decrypted and decoded to enable the programs to be watched, so as to ensure that the programs are watched only by legal subscribers.
  • However, there is still DTV piracy by the common way of physically cloning the smart card of the subscriber terminal 2. Because on-line information of subscribers cannot be acquired at the head end 1, such illegal subscribers can collectively use an account number of one subscriber without being found, which causes loss to the operator.
  • Fig. 2 is a structural schematic diagram illustrating the principle of the DTV network of the above patent application.
  • the DTV network is developed based on unidirectional DTV network and according to DVB standard. It includes a head end 1 and several subscriber terminals 2.
  • Each subscriber terminal 2 includes an STB 21 and a subscriber identification module 22. That is, the STB 21 is added with a bidirectional communication module 214, and the head end 1 is configured with an authentication server 13, which is connected to a subscriber management module 14 of the head end 1.
  • the head end 1 and the subscriber terminal 2 establish bidirectional interactive communication through an interactive network 4.
  • the STB 21 is used for performing the following operations: besides performing conventional functions such as tuning, demodulation, TS demultiplexing, descrambling, decoding, etc., the STB 21 acquires a unique subscriber identity (ID) in the subscriber identification module 22 and then initiates an authentication request to the head end 1 through the bidirectional communication module 214 when the STB 21 starts up; the STB 21 then receives the response message of the head end 1, and if the received response message indicates successful authentication, the STB 21 continues to perform the conventional workflow such as tuning, demultiplexing, etc.; otherwise, the DTV program cannot be watched; furthermore, the STB 21 reports an off-line message to the head end 1 through the bidirectional communication module 214 when the STB 21 shuts down.
  • ID unique subscriber identity
  • the bidirectional communication module 214 is used for performing communication work of the backward interactive channel, which mostly includes: (1) actively initiating connection with the authentication server 13 of the head end 1; (2) receiving return data of the STB 21 and sending the data to the authentication server 13 of the head end 1; (3) receiving data from the authentication server 13 of the head end 1, and sending the data to the STB 21.
  • the subscriber identification module 22 is used for storing the unique subscriber ID and a key for decrypting DTV program data, pairing with the STB 21, and recording program watching information.
  • The currently used smart card is a typical subscriber identification module.
  • the authentication server 13 is used for receiving return data of subscribers and performing subscriber authentication function, which includes: (1) as a server, receiving return data of each subscriber from each subscriber terminal serving as a client; (2) reading subscriber ID recording data from a Subscriber Management Module (SMS) of the head end; (3) maintaining on-line information of each STB according to the ID information reported by subscribers during start-up and shut-down; (4) performing subscriber authentication.
  • SMS Subscriber Management Module
  • the method for acquiring on-line information of subscribers in the DTV network is disclosed according to the above disclosed DTV network (referring to Figs. 3-6 ).
  • the method includes a process of sending an authentication request by the STB, a process of processing the authentication request by the head end, a process of sending a shutdown request of the subscriber by the STB and a process of processing the shutdown request of the subscriber by the head end.
  • When the STB 21 starts up, it reads a unique subscriber ID in the subscriber identification module 22, initiates an authentication request including the unique subscriber ID to the head end 1 through the bidirectional communication module 214, and waits for a response message from the head end 1; the STB 21 may receive DTV program data only when the received response message indicates that the authentication is passed.
  • When the authentication server 13 of the head end 1 receives the authentication request of the subscriber, it reads and authenticates the unique subscriber ID. If the authentication is passed, the subscriber is set to on-line, and the authentication server 13 returns a message indicating successful authentication; otherwise, the subscriber is illegal, and the authentication server 13 returns a response message indicating failed authentication to the subscriber terminal.
  • When the subscriber terminal is to shut down, the STB reads the unique subscriber ID and reports the shutdown of the subscriber to the head end, and then the subscriber terminal shuts down.
  • When the head end receives the shutdown request of the subscriber, it finds the subscriber among the on-line subscribers, and deletes the subscriber from the on-line subscribers.
  • Because the head end acquires on-line states of subscribers in time and reduces illegal accesses to the DTV network by using on-line information of the subscribers, the loss of the operator is reduced.
  • US 2003/033601 A1 discloses an expiration date monitoring system comprising a terminal and a server for monitoring an expiration date of this terminal, the server monitoring the expiration date for each function of this terminal and for each content.
  • US2004/0123313 A1 discloses a solution to update a key in various situations in order to secure liability of a service in a conditional access system for a digital cable television service.
  • Some embodiments of the present invention provide a method for acquiring on-line information of subscribers, so as to solve the technical problem in the prior art that network congestion or the overload of the authentication server is caused by performing ID authentication of a lot of subscribers during start-up simultaneously in the procedure of acquiring on-line information of the subscribers by the head end.
  • a method for acquiring on-line information of subscribers includes:
  • the method further includes: setting the subscriber terminal to on-line state after the authentication is passed.
  • the method further includes: if the life cycle does not expire, determining whether the remaining effective time of the life cycle is less than a threshold value, if so, initiating an authentication request to the head end by the STB, otherwise the procedure ending.
  • the method further includes: waiting for a random time before initiating an authentication request to the head end.
  • the process of determining whether the authentication is passed comprises determining whether a unique subscriber ID of the subscriber terminal in the authentication request is legal.
  • the method further includes: after authentication is passed, determining whether the subscriber terminal is on-line, if the subscriber is on-line, returning the successful response message including new key information.
  • the method further includes: sequentially determining, by the head end, whether the life cycle of the key for each subscriber terminal expires, if so, sending a subscriber roll-call authentication message to the subscriber terminal, otherwise the procedure ending, sending, by the head end, an updated key information to the subscriber terminal, and setting the subscriber terminal to on-line state when a response message of the subscriber terminal is received in a prescribed time period; updating, by the subscriber terminal, the key information.
  • the method further includes: if the life cycle of the key does not expire, determining whether the remaining effective time of the life cycle is less than a threshold value, if so, sending the subscriber roll-call authentication message to the subscriber terminal, otherwise the procedure ending.
  • the method further includes: if the life cycle of the key for the subscriber terminal expires, determining whether the state of the subscriber terminal is on-line; and if the state of the subscriber terminal is on-line, determining whether the on-line time of the subscriber terminal is larger than a preset maximum on-line time, if so, sending the subscriber roll-call authentication message to the subscriber terminal, otherwise the procedure ending.
  • the method further includes: receiving, by the subscriber terminal, the roll-call authentication message, and returning a response message including a unique subscriber ID of the subscriber terminal.
  • the method further includes: sending, by the STB, a shutdown authentication request when the STB shuts down; receiving, by the head end, the authentication request, and if the authentication is passed, setting the subscriber terminal to off-line state.
  • a further embodiment of the present invention provides a subscriber terminal, the subscriber terminal including:
  • a further embodiment of the present invention provides a head end, the head end being configured to perform authentication in accordance with an authentication request initiated by a set top box (STB) of a subscriber terminal; determine whether the authentication is passed; return a successful response message including new key information if the authentication is passed, and return a failed response message if the authentication is not passed.
  • Some embodiments of the present invention possess the following advantages compared to the prior art: an authentication request is initiated when the life cycle of the key expires or when the remaining effective time of the life cycle is less than a threshold, so the processes in the prior art are avoided in which each subscriber terminal needs to initiate an authentication request during start-up, and therefore the problem of network congestion or the overload of the authentication server is reduced. Moreover, some embodiments of the present invention add a process of initiating on-line authentication procedure by the head end, thereby enabling the head end to know on-line information of subscribers in time, and further reducing illegal accesses to the DTV networks.
  • Fig. 1 is a schematic diagram illustrating a reference model of a DTV network with interactive function defined by DVB standard in the prior art
  • Fig. 2 is a structural schematic diagram illustrating the principle of a DTV network with interactive function in the prior art
  • Fig. 3 is a flow chart illustrating a process of sending an authentication request by the STB in the prior art
  • Fig. 4 is a flow chart illustrating a process of processing the authentication request by the head end in the prior art
  • Fig. 5 is a flow chart illustrating a process of sending a shutdown request of the subscriber by the STB in the prior art
  • Fig. 6 is a flow chart illustrating a process of processing the shutdown request of the subscriber by the head end in the prior art
  • Fig. 7 is a flow chart illustrating a procedure of acquiring on-line information of subscribers in the DTV network according to an embodiment of the present invention
  • Fig. 8 is a flow chart illustrating on-line authentication performed by the head end according to an embodiment of the present invention.
  • A flow chart illustrating a procedure of acquiring on-line information of subscribers in the DTV network according to an embodiment of the present invention is shown in Fig. 7.
  • Conditional program access is introduced into the DTV network so that programs of the DTV network can be watched only by legal subscribers.
  • the conditional program access is the control of transmission of a control word.
  • the head end 1 randomly generates a control word (CW) with which the scrambling of the DTV program signal transmitted by the head end 1 is controlled.
  • CW control word
  • the subscriber terminal 2 is required to have the same CW as that of the head end 1 to control the descrambling. If the CW of the head end 1 is transmitted to the subscriber terminal 2 directly, the CW may be intercepted easily by hackers. Thus, the CW should be encrypted before transmitting.
  • a ciphertext produced by the first layer for encrypting the CW (referred to as entitlement control message (ECM)) generally is transmitted together with the scrambled code stream by multiplexing.
  • the ECM further includes such information as time, price of the program, and entitlement control of the program, etc.
  • the second layer is to encrypt the CW by using a secret key (SK).
  • the third layer is to encrypt the SK by using a program data key (PDK).
  • EMM entitlement management message
  • subscriber entitlement information such as smart card number, entitlement time, entitlement level, etc.
  • a double-key method is generally adopted to prevent the key from being intercepted by hackers.
  • a pair of keys is allocated to each subscriber.
  • One of the keys is a key of the subscriber terminal referred to as private key, which is only used for decrypting, and generally stored in the subscriber identification module.
  • the other one is a public key only used for encrypting.
  • the two keys have a one-to-one correspondence through an algorithm, and data encrypted using the public key can only be decrypted by using the private key. Thus, the key need not be transmitted directly, so the security is very high. This is an authentication process known as digital signature.
  • the private key (PK) (abbreviated as key) is generally stored in the subscriber identification module 22 (including smart card), therefore the EMM can only be decrypted by the subscriber terminal 2. That is to say, one smart card can only decrypt EMM information associated with itself, all the information for decrypting the ECM may be obtained after the decryption of EMM, then the CW may be obtained by decrypting the ECM, and the CW may be sent to a descrambler in the STB 21 to perform descrambling operation. All these decryption processes may be done within a decryption system in the smart card.
  • the key information in the subscriber identification module 22 further includes life cycle of the key.
  • the initial key and its life cycle are preset in the smart card, and the subsequent key information may be sent to the subscriber terminal by the head end 1.
  • the STB 21 determines whether the remaining effective time of the life cycle is less than a threshold value; if so, the procedure proceeds to S140, otherwise the procedure ends.
  • the threshold value is preset, mainly so that the next key and the next key's life cycle can be acquired in advance before the last key expires. For example, a subscriber subscribes to a monthly payment channel for half a year, and needs to acquire the entitlement and the key of the next month at the end of a month.
  • the threshold value may be half a day, one day or one week depending on the type of the key.
  • S140: The STB 21 initiates an authentication request after waiting for a random time T1.
  • T1 may be set randomly by the STB 21, and may also be adjusted according to the subscriber scale of the network.
  • the head end may adjust T1 according to the number of the managed subscriber terminals, set the T1 value, and send the T1 value to each STB 21.
  • the authentication request includes a unique subscriber ID obtained from the subscriber identification module 22.
  • the authentication server 13 of the head end 1 receives the authentication request and acquires the unique subscriber ID from the authentication request. The authentication server 13 of the head end 1 then performs authentication according to the unique subscriber ID, for example, determines whether the subscriber is a legal subscriber in the DTV network according to the unique subscriber ID, and whether a subscriber with the same unique subscriber ID is on-line. When the authentication succeeds, the authentication server 13 of the head end 1 sends a response message which includes new key information and indicates successful authentication, and sets the subscriber terminal 2 to on-line state; otherwise, the authentication server 13 of the head end 1 returns a response message indicating failed authentication to the subscriber terminal 2.
  • the STB 21 receives the response message and determines whether the response message indicates successful authentication, if so, the STB 21 updates the key information, otherwise the procedure ends.
  • When the life cycle of the key expires, the head end 1 encrypts the DTV program data using a new key, and sends the DTV program data to the STB 21. Without a corresponding new key, the DTV program data cannot be decrypted, that is, the DTV program cannot be watched.
  • the head end may acquire on-line information of subscriber terminals through the above processes, thereby reducing use by illegal subscribers, and thus reducing piracy.
  • another embodiment of the present invention additionally provides a procedure of on-line authentication, which includes the following processes as shown in Fig. 8 :
  • the head end 1 determines whether the remaining effective time of the life cycle is less than the threshold value, if so, the procedure proceeds to process S240, otherwise the procedure ends;
  • the head end 1 determines whether the on-line state of the subscriber terminal 2 expires; if so, the procedure proceeds to process S250, otherwise the procedure ends. Specifically, a maximum on-line time is preset for each subscriber terminal 2 at the head end, and the process of determining whether the subscriber's on-line state expires is realized by determining whether the subscriber's on-line time is larger than the maximum on-line time. This is mainly to allow the head end 1 to initiate a roll-call again for the subscriber terminal already in on-line state;
  • the head end 1 sends a roll-call authentication message to the subscriber terminal 2, the authentication message includes a unique subscriber ID, and if the subscriber roll-call authentication message is received when the STB 21 of the subscriber terminal 2 is operating, the STB 21 returns a response message including the unique subscriber ID of the subscriber terminal 2;
  • S270: The subscriber terminal 2 updates the key information, so as to receive new DTV program data.
  • the STB 21 may send a shutdown authentication request when the subscriber terminal 2 shuts down.
  • the head end performs authentication after receiving the shutdown authentication request, and the authentication includes determining whether the unique subscriber ID is legal or not, the subscriber terminal is on-line or not, etc.
  • the head end sets the subscriber to off-line state after the authentication is passed.
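The start-up check, the head-end authentication with its "same ID already on-line" test, the roll-call path of Fig. 8 and the shutdown request described above, as an added Python example (not code from the patent). Assumptions: the head end records the network address each ID went on-line from and fails a request for that ID from a different address, a terminal that misses a roll-call is set off-line, and all names (`HeadEnd`, `stb_needs_auth`, `stb_send_time`) are hypothetical.

```python
import random
from dataclasses import dataclass

@dataclass
class KeyInfo:
    key_id: int
    expires_at: float                      # end of the key's life cycle, in seconds

def stb_needs_auth(now, key, threshold):
    """STB start-up check: request only if the key expired or is about to."""
    return now >= key.expires_at or key.expires_at - now < threshold

def stb_send_time(now, t1_max, rng):
    """S140: wait a random time T1 so that terminals do not all ask at once."""
    return now + rng.uniform(0, t1_max)

class HeadEnd:
    def __init__(self, legal_ids, key_lifetime, max_online_time):
        self.legal_ids = set(legal_ids)
        self.key_lifetime = key_lifetime
        self.max_online_time = max_online_time
        self.online = {}                   # subscriber ID -> (address, confirmed at)
        self.keys = {}                     # subscriber ID -> KeyInfo last issued
        self.alerts = []                   # (time, subscriber ID, address, reason)
        self._next_key_id = 1

    def _issue_key(self, sub_id, addr, now):
        key = KeyInfo(self._next_key_id, now + self.key_lifetime)
        self._next_key_id += 1
        self.keys[sub_id] = key
        self.online[sub_id] = (addr, now)  # set (or keep) the terminal on-line
        return key

    def authenticate(self, now, sub_id, addr):
        """Return new key information on success, None on failed authentication."""
        if sub_id not in self.legal_ids:
            self.alerts.append((now, sub_id, addr, "unknown subscriber ID"))
            return None
        session = self.online.get(sub_id)
        if session is not None and session[0] != addr:
            # Assumption: the same ID on-line from another address is a suspected clone.
            self.alerts.append((now, sub_id, addr, "ID already on-line elsewhere"))
            return None
        return self._issue_key(sub_id, addr, now)

    def roll_call(self, now, threshold, responders):
        """Fig. 8 path: key due and on-line longer than the maximum -> roll-call."""
        refreshed, dropped = [], []
        for sub_id, (addr, since) in sorted(self.online.items()):
            if not stb_needs_auth(now, self.keys[sub_id], threshold):
                continue
            if now - since <= self.max_online_time:
                continue
            if sub_id in responders:       # response arrived in the prescribed time
                self._issue_key(sub_id, addr, now)
                refreshed.append(sub_id)
            else:                          # assumption: no response -> set off-line
                del self.online[sub_id]
                dropped.append(sub_id)
        return refreshed, dropped

    def shutdown(self, sub_id, addr):
        """Shutdown request: ID must be legal and on-line (address match assumed)."""
        session = self.online.get(sub_id)
        if sub_id in self.legal_ids and session is not None and session[0] == addr:
            del self.online[sub_id]
            return True
        return False

if __name__ == "__main__":
    # Constructed scenario: IDs, addresses and times are made up for illustration.
    he = HeadEnd({"SUB-001", "SUB-002"}, key_lifetime=86400, max_online_time=3600)
    card_key = KeyInfo(0, expires_at=100.0)          # key preset in the smart card
    if stb_needs_auth(200.0, card_key, threshold=3600):
        t = stb_send_time(200.0, 30.0, random.Random(7))
        print("genuine card:", he.authenticate(t, "SUB-001", "10.0.0.5"))
        print("cloned card :", he.authenticate(t + 60, "SUB-001", "10.0.9.9"))
    print("roll-call   :", he.roll_call(86000.0, 3600, responders={"SUB-001"}))
    print("alerts      :", he.alerts)
```

The entries in `alerts` are the on-line information the operator gains: a second terminal presenting an ID that is already on-line is the cloned-card case the background section describes.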

Landscapes

  • Engineering & Computer Science (AREA)
  • Multimedia (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Databases & Information Systems (AREA)
  • Computer Graphics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)
  • Telephonic Communication Services (AREA)
  • Circuits Of Receivers In General (AREA)

Abstract

A method for obtaining user's on-line information, which can be applied to a digital television network. The network comprises at least a user terminal, which comprises a set-top-box and a user identification module for storing key information to decipher the digital television programme data, and a front end for transmitting enciphered programme data to each user terminal. The method comprises the steps of: A) obtaining the lifetime of the key from the user identification module after turning on the power of the set-top-box; B) if the lifetime expires, the set-top-box transmits a request for confirmation to the front end; C) when the front end receives the request for confirmation, it carries out the confirmation and transmits the response to the set-top-box, i.e. if the confirmation is passed, it sets the user terminal in on-line state and returns the successful response of the confirmation, which contains new key information, to the set-top-box; otherwise, it returns the failed response of the confirmation; D) the set-top-box receives the response and, if it is the successful response of the confirmation, updates the key information.

Description

    Field of the Invention
  • The present invention relates to the field of digital television (DTV), specifically to a method for acquiring on-line information of subscribers in a DTV network.
    Background of the Invention
  • The DTV network includes a DTV head end (simply referred to as head end) and several subscriber terminals. The head end transmits encrypted DTV programs through a broadcasting network to each subscriber terminal respectively, which receives signals via a set top box (STB), then decrypts the DTV programs using a key in a subscriber identification module of the subscriber terminal, and eventually plays the programs by a television set. The most common subscriber identification module is a smart card, and the information of the key has been set into the smart card when the subscriber buys it.
  • The disclosed DTV network is a unidirectional network. However, with the enrichment of DTV services, the DTV network tends to be a bidirectional network so as to support interactive services. There is a reference model of DTV network with interactive function defined in digital video broadcasting (DVB) standard.
  • Fig. 1 is a schematic diagram illustrating a reference model of DTV network with interactive function defined by DVB standard. A head end 1 includes a broadcasting service module 11 for sending DTV program data and an interactive service module 12 for establishing bidirectional interaction between a subscriber terminal 2 and the head end 1. An STB 21 of the subscriber terminal 2 includes a broadcasting interface 211 for receiving DTV program data and an interactive interface 212 for establishing bidirectional interaction between the subscriber terminal 2 and the head end 1.
  • The broadcasting service module 11 sends encrypted DTV programs through a broadcasting network 3, and these signals are received by the broadcasting interface 211 of the STB 21 to enable the subscriber to watch the DTV programs. The broadcasting network 3 includes a channel for transmitting and receiving the DTV programs (referred to as broadcasting channel). The broadcasting channel establishes unidirectional data transmission between the head end 1 and each subscriber terminal 2, and has been provided in the unidirectional DTV network.
  • The interactive service module 12 is connected to the STB 21 of the subscriber terminal 2 through an interactive network 4, establishing a bidirectional interactive channel between the head end 1 and each subscriber terminal 2. The bidirectional interactive channel includes a backward interactive channel and a forward interactive channel. The backward interactive channel refers to a channel from the subscriber terminal 2 to the head end 1, for enabling the subscriber to transmit a request or return a response. The forward interactive channel refers to a channel from the head end 1 to the subscriber terminal 2, for transmitting the operator's data or responding to the subscriber's request. This forward interactive channel may be embedded into the broadcasting network 3. In fact, the bidirectional interactive DTV network is constructed by adding a bidirectional interactive channel into a unidirectional DTV network.
  • Whether it is a unidirectional DTV network or a bidirectional DTV network developed from a unidirectional one, the profit model of the operator differs from that of the conventional analog television era. That is, the operator gains profit mainly by charging subscribers for watching DTV programs, rather than depending on TV advertisement and network maintenance fees. Therefore, a conditional access system (CAS) is introduced into DTV to ensure that programs can be watched only by legal subscribers in the DTV network.
  • This function is implemented in the prior art by using a subscriber identification module (e.g. smart card) of a legal subscriber. When this smart card is connected to STB 21, a key in the smart card is read and encrypted DTV programs are decrypted and decoded to enable the programs to be watched, so as to ensure that the programs are watched only by legal subscribers. However, DTV piracy still occurs, commonly by physically cloning the smart card of the subscriber terminal 2. Because on-line information of subscribers cannot be acquired at the head end 1, such illegal subscribers can collectively use the account number of one subscriber without being detected, which causes loss to the operator.
  • In order for the head end to acquire on-line information of subscribers, a patent application CN 1 633 173 A entitled "METHOD AND SYSTEM FOR LEARNING INFORMATION ABOUT ON-LINE/OFF-LINE/IN-LINE OF USER" was filed with the Chinese state intellectual property office by the present applicant.
  • Fig. 2 is a structural schematic diagram illustrating the principle of the DTV network of the above patent application. The DTV network is developed based on unidirectional DTV network and according to DVB standard. It includes a head end 1 and several subscriber terminals 2. Each subscriber terminal 2 includes an STB 21 and a subscriber identification module 22. That is, the STB 21 is added with a bidirectional communication module 214, and the head end 1 is configured with an authentication server 13, which is connected to a subscriber management module 14 of the head end 1. The head end 1 and the subscriber terminal 2 establish bidirectional interactive communication through an interactive network 4.
  • The STB 21 is used for performing the following operation: besides performing conventional functions such as tuning, demodulation, TS demultiplexing, descrambling, decoding, etc., the STB 21 acquires a unique subscriber identity (ID) in the subscriber identification module 22 and then initiates an authentication request to the head end 1 through the bidirectional communication module 214 when the STB 21 starts up; the STB 21 then receives the response message of the head end 1, and if the received response message indicates successful authentication, the STB 21 continues to perform conventional workflow such as tuning, demultiplexing, etc., otherwise the DTV program cannot be watched; furthermore, the STB 21 reports an off-line message to the head end 1 through the bidirectional communication module 214 when the STB 21 shuts down.
  • The bidirectional communication module 214 is used for performing communication work of the backward interactive channel, which mostly includes: (1) actively initiating connection with the authentication server 13 of the head end 1; (2) receiving return data of the STB 21 and sending the data to the authentication server 13 of the head end 1; (3) receiving data from the authentication server 13 of the head end 1, and sending the data to the STB 21.
  • The subscriber identification module 22 is used for storing the unique subscriber ID and a key for decrypting DTV program data, pairing with the STB 21, and recording program watching information. Currently used smart card is a typical subscriber identification module.
  • The authentication server 13 is used for receiving return data of subscribers and performing subscriber authentication function, which includes: (1) as a server, receiving return data of each subscriber from each subscriber terminal serving as a client; (2) reading subscriber ID recording data from a Subscriber Management Module (SMS) of the head end; (3) maintaining on-line information of each STB according to the ID information reported by subscribers during start-up and shut-down; (4) performing subscriber authentication.
  • The method for acquiring on-line information of subscribers in the DTV network is disclosed according to the above disclosed DTV network (referring to Figs. 3-6). The method includes a process of sending an authentication request by the STB, a process of processing the authentication request by the head end, a process of sending a shutdown request of the subscriber by the STB and a process of processing the shutdown request of the subscriber by the head end.
  • (I) the process of sending an authentication request by the STB (referring to Fig. 3)
  • when the STB starts up, it reads a unique subscriber ID in the subscriber identification module 22, initiates an authentication request including the unique subscriber ID to the head end 1 through the bidirectional communication module 214, and waits for a response message from the head end 1; only when the received response message indicates that the authentication is passed, the STB 21 may receive DTV program data.
  • (II) the process of processing the authentication request by the head end 1 (referring to Fig. 4)
  • When the authentication server 13 of the head end 1 receives the authentication request of the subscriber, it reads and authenticates the unique subscriber ID. If the authentication is passed, the subscriber is set to on-line, and the authentication server 13 returns a message indicating successful authentication; otherwise, the subscriber is illegal, and the authentication server 13 returns a response message indicating failed authentication to the subscriber terminal.
  • (III) The process of sending a shutdown request of the subscriber by the STB (referring to Fig. 5)
  • When the subscriber terminal is to shut down, the STB reads the unique subscriber ID and reports the shutdown of the subscriber to the head end, and then the subscriber terminal shuts down.
  • (IV) the process of processing the shutdown request of the subscriber by the head end (referring to Fig. 6)
  • When the head end receives the shutdown request of the subscriber, it finds the subscriber from the on-line subscribers, and deletes the subscriber from the on-line subscribers.
  • In the above method, because the head end acquires on-line states of subscribers in time and reduces illegal accesses to the DTV network by using on-line information of the subscribers, the loss of the operator is reduced.
  • However, if the subscribers initiate subscriber ID authentication simultaneously in a relatively short time period, this will result in the congestion of the interactive network or the overload of the processing capacity of the authentication server. In particular, with the continual increase of the number of subscribers and the operation of the network adapting to a large number of subscribers, the problem of performing ID authentication of many subscribers simultaneously during start-up in a short time period needs to be solved.
    US 2003/033601 A1 discloses an expiration date monitoring system comprising a terminal and a server for monitoring an expiration date of this terminal, the server monitoring the expiration date for each function of this terminal and for each content.
    US2004/0123313 A1 discloses a solution to update a key in various situations in order to secure liability of a service in a conditional access system for a digital cable television service.
  • Summary of the Invention
  • Some embodiments of the present invention provide a method for acquiring on-line information of subscribers, so as to solve the technical problem in the prior art that network congestion or the overload of the authentication server is caused by performing ID authentication of a lot of subscribers during start-up simultaneously in the procedure of acquiring on-line information of the subscribers by the head end.
  • The embodiments of the present invention provide the following technical solution:
    • According to an embodiment of the invention, a method for acquiring on-line information of subscribers includes: reading, by a set top box, STB, in a subscriber terminal, life cycle of a key from key information stored in a subscriber identification module in the subscriber terminal when the STB starts up; initiating, by the STB, an authentication request to a head end when the STB determines remaining effective time of the life cycle of the key is less than a threshold value, and performing, by the head end, authentication in accordance with the authentication request; determining, by the head end, whether the authentication is passed, if the authentication is passed, returning a successful response message including new key information, otherwise returning a failed response message; updating, by the STB, the key information when receiving the successful response message; and sequentially determining, by the head end, whether life cycle of the key for the subscriber terminal expires, and if so, determining whether state of the subscriber terminal is on-line; and if the state of the subscriber terminal is on-line, determining whether on-line time of the subscriber terminal is larger than a preset maximum on-line time, and if so, sending a subscriber roll-call authentication message to the subscriber terminal, and when a response message from the subscriber terminal is received in a prescribed time period, sending, by the head end, an updated key information to the subscriber terminal, and setting the state of the subscriber terminal to on-line.
    • According to another embodiment of the invention, a head end is configured to perform authentication in accordance with an authentication request initiated by a set top box, STB, of a subscriber terminal; determine whether the authentication is passed; return a successful response message including new key information if the authentication is passed; return a failed response message if the authentication is not passed; sequentially determine whether remaining time of a life cycle of a key for the subscriber terminal is less than a threshold value, and if so, determine whether state of the subscriber terminal is on-line; and if the state of the subscriber terminal is on-line, determine whether on-line time of the subscriber terminal is larger than a preset maximum on-line time, and if so, send a subscriber roll-call authentication message to the subscriber terminal; and when a response message of the subscriber terminal is received in a prescribed time period, send an updated key information to the subscriber terminal and set the subscriber terminal to on-line state.
  • A method for acquiring on-line information of subscribers includes:
    • reading, by a set top box (STB) in the subscriber terminal, life cycle of a key from key information stored in a subscriber identification module in the subscriber terminal when the STB starts up;
    • initiating, by the STB, an authentication request to a head end when the life cycle expires, and performing, by the head end, authentication in accordance with the authentication request;
    • determining, by the head end, whether the authentication is passed, if the authentication is passed, returning a successful response message including new key information, otherwise returning a failed response message;
    • updating, by the STB, the key information when receiving the successful response message.
  • The method further includes: setting the subscriber terminal to on-line state after the authentication is passed.
  • The method further includes: if the life cycle does not expire, determining whether the remaining effective time of the life cycle is less than a threshold value, if so, initiating an authentication request to the head end by the STB, otherwise the procedure ending.
  • The method further includes: waiting for a random time before initiating an authentication request to the head end.
  • The process of determining whether the authentication is passed comprises determining whether a unique subscriber ID of the subscriber terminal in the authentication request is legal.
  • The method further includes: after authentication is passed, determining whether the subscriber terminal is on-line, if the subscriber is on-line, returning the successful response message including new key information.
  • The method further includes: sequentially determining, by the head end, whether the life cycle of the key for each subscriber terminal expires, if so, sending a subscriber roll-call authentication message to the subscriber terminal, otherwise the procedure ending, sending, by the head end, an updated key information to the subscriber terminal, and setting the subscriber terminal to on-line state when a response message of the subscriber terminal is received in a prescribed time period; updating, by the subscriber terminal, the key information.
  • The method further includes: if the life cycle of the key does not expire, determining whether the remaining effective time of the life cycle is less than a threshold value, if so, sending the subscriber roll-call authentication message to the subscriber terminal, otherwise the procedure ending.
  • The method further includes: if the life cycle of the key for the subscriber terminal expires, determining whether the state of the subscriber terminal is on-line; and if the state of the subscriber terminal is on-line, determining on-line time of the subscriber terminal is larger than a preset maximum on-line time, if so, sending the subscriber roll-call authentication message to the subscriber terminal, otherwise the procedure ending.
  • The method further includes: receiving, by the subscriber terminal, the roll-call authentication message, and returning a response message including a unique subscriber ID of the subscriber terminal.
  • The method further includes: sending, by the STB, a shutdown authentication request when the STB shuts down; receiving, by the head end, the authentication request, and if the authentication is passed, setting the subscriber terminal to off-line state.
  • A further embodiment of the present invention provides a subscriber terminal, the subscriber terminal including:
    • a subscriber identification module configured to store key information for decrypting encrypted digital television (DTV) program data, the key information including a key and life cycle of the key; and
    • a set top box (STB) configured to read the life cycle of the key from the subscriber identification module when the STB starts up, initiate an authentication request to a head end when the life cycle expires, and update the key information when receiving a successful response message including new key information from the head end.
  • A further embodiment of the present invention provides a head end, the head end being configured to perform authentication in accordance with an authentication request initiated by a set top box (STB) of a subscriber terminal; determine whether the authentication is passed; return a successful response message including new key information if the authentication is passed, and return a failed response message if the authentication is not passed.
  • Some embodiments of the present invention possess the following advantages compared to the prior art: an authentication request is initiated when the life cycle of the key expires or when the remaining effective time of the life cycle is less than a threshold, so the processes in the prior art are avoided in which each subscriber terminal needs to initiate an authentication request during start-up, and therefore the problem of network congestion or the overload of the authentication server is reduced. Moreover, some embodiments of the present invention add a process of initiating on-line authentication procedure by the head end, thereby enabling the head end to know on-line information of subscribers in time, and further reducing illegal accesses to the DTV networks.
  • Brief Descriptions of the Drawings
  • Fig. 1 is a schematic diagram illustrating a reference model of a DTV network with interactive function defined by DVB standard in the prior art;
  • Fig. 2 is a structural schematic diagram illustrating the principle of a DTV network with interactive function in the prior art;
  • Fig. 3 is a flow chart illustrating a process of sending an authentication request by the STB in the prior art;
  • Fig. 4 is a flow chart illustrating a process of processing the authentication request by the head end in the prior art;
  • Fig. 5 is a flow chart illustrating a process of sending a shutdown request of the subscriber by the STB in the prior art;
  • Fig. 6 is a flow chart illustrating a process of processing the shutdown request of the subscriber by the head end in the prior art;
  • Fig. 7 is a flow chart illustrating a procedure of acquiring on-line information of subscribers in the DTV network according to an embodiment of the present invention;
  • Fig. 8 is a flow chart illustrating on-line authentication performed by the head end according to an embodiment of the present invention.
  • Detailed Descriptions of the Embodiments
  • The present invention is hereinafter described in detail in conjunction with the embodiments and drawings.
  • A flow chart illustrating a procedure of acquiring on-line information of subscribers in the DTV network according to an embodiment of the present invention is shown in Fig. 7.
  • S110: when the STB 21 starts up, it reads life cycle of a key stored in the subscriber identification module 22;
  • Conditional program access is introduced into the DTV network so that programs of the DTV network can be watched only by legal subscribers. The conditional program access is the control of transmission of a control word. The head end 1 randomly generates a control word (CW) with which the scrambling of the DTV program signal transmitted by the head end 1 is controlled. In order to successfully descramble the scrambled signal at subscriber terminal 2, the subscriber terminal 2 is required to have the same CW as that of the head end 1 to control the descrambling. If the CW of the head end 1 is transmitted to the subscriber terminal 2 directly, the CW may be intercepted easily by hackers. Thus, the CW should be encrypted before transmitting.
  • At present, in order to increase the security of the CW transmission, a ciphertext produced by the first layer for encrypting the CW (referred to as entitlement control message (ECM)) generally is transmitted together with the scrambled code stream by multiplexing. The ECM further includes such information as time, price of the program, and entitlement control of the program, etc. The second layer is to encrypt the CW by using a secret key (SK), and the third layer is to encrypt the SK by using a program data key (PDK). The produced ciphertext and an entitlement instruction constitute an entitlement management message (EMM), which also includes subscriber entitlement information such as smart card number, entitlement time, entitlement level, etc. This information is mainly for carrying out the entitlement to the subscriber, so the EMM is a subscriber-oriented management message, which entitles the subscriber regarding when and on which channel the subscriber watches the program.
  • A double-key method is generally adopted to prevent the key from being intercepted by hackers. In the double-key method, a pair of keys is allocated to each subscriber. One of the keys is a key of the subscriber terminal referred to as private key, which is only used for decrypting, and generally stored in the subscriber identification module. The other one is a public key only used for encrypting. The two keys have a one-to-one corresponding relationship by an algorithm, and the encryption using the public key can only be decrypted by using the private key. Thus, the key need not be transmitted directly, so the security is very high. This is an authentication process known as digital signature. The private key (PK) (abbreviated as key) is generally stored in the subscriber identification module 22 (including smart card), therefore the EMM can only be decrypted by the subscriber terminal 2. That is to say, one smart card can only decrypt EMM information associated with itself; all the information for decrypting the ECM may be obtained after the decryption of EMM, then the CW may be obtained by decrypting the ECM, and the CW may be sent to a descrambler in the STB 21 to perform descrambling operation. All these decryption processes may be done within a decryption system in the smart card.
  • Also, besides the key, the key information in the subscriber identification module 22 further includes life cycle of the key. The initial key and its life cycle are preset in the smart card, and the subsequent key information may be sent to the subscriber terminal by the head end 1.
  • S120: The STB 21 determines whether the life cycle of the key expires, if so, the procedure proceeds to process S140, otherwise proceeds to process S130.
  • S130: The STB 21 determines whether the remaining effective time of the life cycle is less than a threshold value, if so, the procedure proceeds to S140, otherwise the procedure ends. The threshold value is preset, and mainly for enabling the next key and the next key's life cycle to be acquired in advance before the last key expires. For example, a subscriber subscribes for a monthly payment channel for half a year, and he needs to acquire the entitlement and the key of next month at the end of a month. The threshold value may be half day, one day or one week depending on the type of the key. Thus, because the STB 21 does not initiate an authentication request when the remaining effective time of the life cycle is not less than the threshold value, the number of authentication requests initiated by the STB 21 is greatly reduced.
  • S140: The STB 21 initiates an authentication request after waiting for a random time T1. Thus, the situation of initiating authentication requests by a lot of STBs simultaneously can be avoided.
  • T1 may be set randomly by the STB 21, and may also be adjusted according to the subscriber scale of the network. In a particular embodiment, the head end may adjust T1 according to the number of the managed subscriber terminals, set the T1 value, and send the T1 value to each STB 21.
  • The authentication request includes a unique subscriber ID obtained from the subscriber identification module 22.
  • S150: The authentication server 13 of the head end 1 receives the authentication request and acquires the unique subscriber ID from the authentication request. The authentication server 13 of the head end 1 then performs authentication according to the unique subscriber ID, for example, determines whether the subscriber is a legal subscriber in the DTV network according to the unique subscriber ID, and whether a subscriber with the same unique subscriber ID is on-line. When the authentication succeeds, the authentication server 13 of the head end 1 sends a response message which includes new key information and indicates successful authentication, and sets the subscriber terminal 2 to on-line state; otherwise, the authentication server 13 of the head end 1 returns a response message indicating failed authentication to the subscriber terminal 2.
  • S160: The STB 21 receives the response message and determines whether the response message indicates successful authentication, if so, the STB 21 updates the key information, otherwise the procedure ends.
  • When the life cycle of the key expires, the head end 1 encrypts the DTV program data using a new key, and sends the DTV program data to the STB 21. Without a corresponding new key, the DTV program data can not be decrypted, that is, the DTV program can not be watched.
    The head end may acquire on-line information of subscriber terminals through the above processes, thereby reducing the use of illegal subscriber, and thus reducing the piracy.
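The start-up flow S110 to S160 can be exercised in a small simulation; this is an added example, not code from the patent. The epoch-second encoding of the life cycle, the class and function names, and the constructed population of STBs that all power on in the same second are assumptions.

```python
import random
import secrets
from collections import Counter
from dataclasses import dataclass

DAY = 86_400  # seconds


@dataclass
class KeyInfo:
    key: bytes
    expires_at: int  # end of the key's life cycle, epoch seconds (assumed encoding)


def needs_authentication(info, now, threshold):
    """S120 + S130: contact the head end only if the key has expired or soon will."""
    remaining = info.expires_at - now
    if remaining <= 0:            # S120: life cycle expired
        return True
    return remaining < threshold  # S130: remaining effective time below threshold


def schedule_request(now, max_wait, rng):
    """S140: wait a random time T1, here uniform in [0, max_wait] seconds."""
    return now + rng.randint(0, max_wait)


class HeadEnd:
    """S150: authenticate the unique subscriber ID and issue new key information."""

    def __init__(self, legal_ids, key_lifetime):
        self.legal_ids = set(legal_ids)
        self.key_lifetime = key_lifetime
        self.online = set()

    def authenticate(self, subscriber_id, now):
        if subscriber_id not in self.legal_ids:
            return None                     # failed response message
        self.online.add(subscriber_id)      # subscriber terminal set to on-line
        return KeyInfo(secrets.token_bytes(16), now + self.key_lifetime)


def stb_startup(subscriber_id, info, head_end, now, threshold, max_wait, rng):
    """S110-S160 for one STB. Returns (key info after start-up, send time or None)."""
    if not needs_authentication(info, now, threshold):
        return info, None                   # no request is sent at all
    send_at = schedule_request(now, max_wait, rng)
    response = head_end.authenticate(subscriber_id, send_at)
    if response is None:
        return info, send_at                # S160: failed, key information unchanged
    return response, send_at                # S160: key information updated


def simulate_mass_startup(n, now, threshold, max_wait, seed=1):
    """Constructed scenario: n STBs start in the same second, e.g. after a power cut.

    Returns (requests sent, peak requests in any one second, terminals marked on-line).
    """
    rng = random.Random(seed)
    head_end = HeadEnd((f"sub-{i}" for i in range(n)), key_lifetime=30 * DAY)
    per_second = Counter()
    for i in range(n):
        # Constructed data: keys expired up to a day ago or expiring within 30 days.
        info = KeyInfo(b"\x00" * 16, now + rng.randint(-DAY, 30 * DAY))
        _, send_at = stb_startup(f"sub-{i}", info, head_end, now,
                                 threshold, max_wait, rng)
        if send_at is not None:
            per_second[send_at] += 1
    requests = sum(per_second.values())
    peak = max(per_second.values(), default=0)
    return requests, peak, len(head_end.online)


if __name__ == "__main__":
    print(simulate_mass_startup(10_000, 1_700_000_000, DAY, 300))
```

Only the terminals that actually sent a request end up marked on-line at the head end; the rest started up without the head end learning of it.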
  • In the above disclosed method, when the key of the subscriber terminal 2 has not expired, it is possible that the head end 1 does not set the subscriber terminal 2 to on-line state when the STB 21 of the subscriber terminal 2 starts up. Thus, another embodiment of the present invention additionally provides a procedure of on-line authentication, which includes the following processes as shown in Fig. 8:
  • S210: the head end 1 determines whether the life cycle of the key for each subscriber terminal expires, if so, the procedure proceeds to process S230, otherwise the procedure proceeds to process S220;
  • S220: the head end 1 determines whether the remaining effective time of the life cycle is less than the threshold value, if so, the procedure proceeds to process S240, otherwise the procedure ends;
  • S230: the head end 1 determines whether the subscriber terminal 2 is on-line, if so, the procedure proceeds to process S240, otherwise the procedure proceeds to process S250;
  • S240: the head end 1 determines whether the on-line state of the subscriber terminal 2 expires, if so, the procedure proceeds to process S250, otherwise the procedure ends. Specifically, a maximum on-line time is preset for each subscriber terminal 2 at the head end, and the process of determining whether the subscriber's on-line state expires is realized by determining whether the subscriber's on-line time is larger than the maximum on-line time. This is mainly to allow the head end 1 to initiate a roll-call again for the subscriber terminal already in on-line state;
  • S250: The head end 1 sends a roll-call authentication message to the subscriber terminal 2, the authentication message includes a unique subscriber ID, and if the subscriber roll-call authentication message is received when the STB 21 of the subscriber terminal 2 is operating, the STB 21 returns a response message including the unique subscriber ID of the subscriber terminal 2;
  • S260: When the response message of the subscriber terminal 2 is received in a prescribed time period, the head end 1 returns an updated key information to the subscriber terminal 2, and sets the state of the subscriber terminal 2 to on-line state.
  • S270: The subscriber terminal 2 updates the key information, so as to receive new DTV program data.
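The head-end pass S210 to S270 can be sketched as a decision function plus a roll-call loop; this is an added example, not code from the patent. The record layout, the `send_roll_call` transport callback and the sample subscribers are hypothetical, and two behaviours the text leaves open are filled by labelled assumptions: a terminal not marked on-line has an on-line time of 0 at S240, and an unanswered roll-call leaves the record unchanged.

```python
import secrets
from dataclasses import dataclass
from enum import Enum
from typing import Optional

DAY = 86_400  # seconds


class Outcome(Enum):
    NO_ACTION = "procedure ends"
    REFRESHED = "updated key sent, terminal set on-line"
    NO_RESPONSE = "roll-call unanswered in the prescribed time"


@dataclass
class Subscriber:
    subscriber_id: str
    key: bytes
    key_expires_at: int                 # epoch seconds (assumed encoding)
    online: bool = False
    online_since: Optional[int] = None


def online_time(sub, now):
    # Assumption: a terminal not marked on-line has on-line time 0.
    if not sub.online or sub.online_since is None:
        return 0
    return now - sub.online_since


def should_roll_call(sub, now, threshold, max_online_time):
    """S210-S240: True when the flow reaches S250 for this subscriber."""
    remaining = sub.key_expires_at - now
    if remaining <= 0:                  # S210: life cycle expired -> S230
        if not sub.online:              # S230: not on-line -> S250
            return True
    elif remaining >= threshold:        # S220: key not close to expiry -> end
        return False
    # S240, reached from S230 (on-line) or S220 (close to expiry)
    return online_time(sub, now) > max_online_time


def run_roll_call(subs, now, threshold, max_online_time,
                  key_lifetime, timeout, send_roll_call):
    """One sequential pass over all subscribers (S210-S260).

    send_roll_call(subscriber_id, timeout) is a hypothetical transport hook: it
    returns the unique subscriber ID carried in the STB's response, or None if
    nothing arrives within `timeout` seconds.
    """
    results = {}
    for sub in subs:
        if not should_roll_call(sub, now, threshold, max_online_time):
            results[sub.subscriber_id] = Outcome.NO_ACTION
            continue
        reply = send_roll_call(sub.subscriber_id, timeout)       # S250
        if reply == sub.subscriber_id:                            # S260
            sub.key = secrets.token_bytes(16)    # updated key information
            sub.key_expires_at = now + key_lifetime
            sub.online, sub.online_since = True, now
            results[sub.subscriber_id] = Outcome.REFRESHED
        else:
            # Assumption: record left unchanged; no new key is delivered, so
            # the terminal cannot decrypt once the head end moves to a new key.
            results[sub.subscriber_id] = Outcome.NO_RESPONSE
    return results


def make_transport(operating_ids):
    """Constructed stand-in for the interactive network: only STBs in
    operating_ids are running and answer the roll-call."""
    def send_roll_call(subscriber_id, timeout):
        return subscriber_id if subscriber_id in operating_ids else None
    return send_roll_call
```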
  • In order to acquire the subscriber terminal information better, the STB 21 may send a shutdown authentication request when the subscriber terminal 2 shuts down. The head end performs authentication after receiving the shutdown authentication request, and the authentication includes determining whether the unique subscriber ID is legal or not, the subscriber terminal is on-line or not, etc. The head end sets the subscriber to off-line state after the authentication is passed.

Claims (9)

  1. A method for acquiring on-line information of subscribers, comprising:
    reading (S110), by a set top box, STB, in a subscriber terminal (2), life cycle of a key from key information stored in a subscriber identification module (22) in the subscriber terminal (2) when the STB starts up;
    initiating (S140), by the STB, an authentication request to a head end (1) when the STB determines (S130) remaining effective time of the life cycle of the key is less than a threshold value, and performing (S150), by the head end (1), authentication in accordance with the authentication request;
    determining (S150), by the head end (1), whether the authentication is passed, if the authentication is passed, returning a successful response message including new key information, otherwise returning a failed response message;
    updating, by the STB (S160), the key information when receiving the successful response message; and
    sequentially determining (S210), by the head end (1), whether life cycle of the key for the subscriber terminal (2) expires, and if so, determining (S230) whether state of the subscriber terminal (2) is on-line; and if the state of the subscriber terminal is on-line, determining (S240) whether on-line time of the subscriber terminal (2) is larger than a preset maximum on-line time, and if so, sending a subscriber roll-call authentication message to the subscriber terminal (2), and when a response message from the subscriber terminal (2) is received in a prescribed time period, sending (S260), by the head end (1), an updated key information to the subscriber terminal (2), and setting (S260) the state of the subscriber terminal (2) to on-line.
  2. The method according to claim 1, further comprising: setting a state of the subscriber terminal (2) to on-line after the authentication is passed.
  3. The method according to claim 1, further comprising: waiting (S140) for a random time before initiating an authentication request to the head end (1).
  4. The method according to claim 1, wherein the process of determining whether the authentication is passed comprises determining whether a unique subscriber ID of the subscriber terminal (2) in the authentication request is legal.
  5. The method according to claim 1, further comprising:
    if the life cycle of the key for each subscriber terminal does not expire, determining (S220) whether remaining effective time of the life cycle is less than a threshold value, if so, sending the subscriber roll-call authentication message to the subscriber terminal (2), otherwise the procedure ending.
  6. The method according to claim 1, further comprising: receiving, by the subscriber terminal (2), the roll-call authentication message, and returning a response message including a unique subscriber ID of the subscriber terminal (2).
  7. The method according to claim 1, further comprising:
    sending a shutdown authentication request when the STB shuts down;
    receiving, by the head end (1), the authentication request, and if the authentication is passed, setting the subscriber terminal (2) to off line state.
  8. A head end (1), configured to perform authentication (S150) in accordance with an authentication request initiated (S140) by a set top box, STB, of a subscriber terminal (2); determine (S150) whether the authentication is passed; return a successful response message including new key information if the authentication is passed; return a failed response message if the authentication is not passed; sequentially determine (S210, S220) whether remaining time of a life cycle of a key for the subscriber terminal (2) is less than a threshold value, and if so, determine (S230) whether state of the subscriber terminal (2) is on-line; and if the state of the subscriber terminal (2) is on-line, determine (S240) whether on-line time of the subscriber terminal (2) is larger than a preset maximum on-line time, and if so, send a subscriber roll-call authentication message to the subscriber terminal (2); and when a response message of the subscriber terminal (2) is received in a prescribed time period, send (S260) an updated key information to the subscriber terminal (2) and set (S260) the subscriber terminal (2) to on-line state.
  9. The head end according to claim 8, further configured to set the subscriber terminal to on-line state after the authentication is passed.
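
The head-end checks recited in claims 5 to 8, modelled in Python as an added example (not code from the patent). The constant values, the `Terminal` fields, and the treatment of an expired key or a missing, late or mismatched response as "no roll-call" and "off-line" respectively are assumptions; the sample terminals are constructed.

```python
from dataclasses import dataclass

# Illustrative values (assumptions); the claims only name these quantities.
KEY_THRESHOLD = 600         # remaining key life (s) below which checks continue
MAX_ONLINE = 4 * 3600       # preset maximum on-line time (s)
RESPONSE_WINDOW = 30        # prescribed time for the roll-call response (s)
KEY_LIFETIME = 24 * 3600    # life cycle given to an updated key (s)

@dataclass
class Terminal:             # hypothetical head-end record for one subscriber
    subscriber_id: str
    key_expires_at: float
    online: bool
    online_since: float
    key_version: int = 1

def needs_roll_call(t, now):
    """Apply the checks in the order of claim 8: S210/S220, S230, S240."""
    remaining = t.key_expires_at - now
    if remaining <= 0:              # assumption: expired key, no roll-call;
        return False                # the terminal has to authenticate again
    if remaining >= KEY_THRESHOLD:  # S220: key life not yet below threshold
        return False
    if not t.online:                # S230: only on-line terminals are polled
        return False
    return now - t.online_since > MAX_ONLINE    # S240

def handle_roll_call(t, sent_at, response):
    """response is (received_at, subscriber_id), or None if nothing arrived."""
    if response is not None:
        received_at, sid = response
        in_time = 0 <= received_at - sent_at <= RESPONSE_WINDOW
        if in_time and sid == t.subscriber_id:   # claim 6: response carries the ID
            t.key_version += 1                   # S260: updated key information
            t.key_expires_at = received_at + KEY_LIFETIME
            t.online = True
            return "key-updated"
    t.online = False    # assumption: no valid response in time means off-line
    return "set-offline"

def handle_shutdown(t, authenticated):
    """Claim 7: only an authenticated shutdown request sets the off-line state."""
    if authenticated:
        t.online = False
    return t.online

def run_sweep(terminals, now, responses):
    """One head-end pass; returns the outcome per subscriber ID."""
    return {t.subscriber_id: handle_roll_call(t, now, responses.get(t.subscriber_id))
            if needs_roll_call(t, now) else "no-action" for t in terminals}

def demo():
    now = 100_000   # constructed sample data
    ts = [Terminal("A", now + 300, True, now - 20_000),    # answers in time
          Terminal("B", now + 300, True, now - 20_000),    # never answers
          Terminal("C", now + 5_000, True, now - 20_000),  # key not near expiry
          Terminal("D", now + 300, True, now - 5_000),     # on-line time too short
          Terminal("E", now + 300, True, now - 20_000)]    # answers too late
    return run_sweep(ts, now, {"A": (now + 10, "A"), "E": (now + 40, "E")}), ts
```

Keeping the on-line flag under head-end control, and changing it only on an authenticated request or a timely response carrying the expected subscriber ID, is what stops an unauthenticated message from altering a subscriber's recorded state.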
EP05772524A 2004-07-21 2005-07-21 A method for obtaining user's on-line information Active EP1788811B1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CNB2004100709796A CN100344160C (en) 2004-07-21 2004-07-21 Method for realizing acquisition of user on-line information
PCT/CN2005/001093 WO2006007796A1 (en) 2004-07-21 2005-07-21 A method for obtaining user's on-line information

Publications (3)

Publication Number Publication Date
EP1788811A1 EP1788811A1 (en) 2007-05-23
EP1788811A4 EP1788811A4 (en) 2008-05-07
EP1788811B1 EP1788811B1 (en) 2009-12-23

Family

ID=35784881

Family Applications (1)

Application Number Title Priority Date Filing Date
EP05772524A Active EP1788811B1 (en) 2004-07-21 2005-07-21 A method for obtaining user's on-line information

Country Status (7)

Country Link
US (1) US20080201749A1 (en)
EP (1) EP1788811B1 (en)
CN (1) CN100344160C (en)
AT (1) ATE453291T1 (en)
DE (1) DE602005018496D1 (en)
RU (1) RU2351092C2 (en)
WO (1) WO2006007796A1 (en)

Families Citing this family (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8301115B1 (en) * 2006-03-08 2012-10-30 Alcatel Lucent Method for inverse port-based authentication
US10528705B2 (en) * 2006-05-09 2020-01-07 Apple Inc. Determining validity of subscription to use digital content
CN101166259B (en) * 2006-10-16 2010-11-10 华为技术有限公司 Mobile phone TV service protection method, system, mobile phone TV server and terminal
CN101183939B (en) * 2006-11-14 2010-06-09 中兴通讯股份有限公司 Multiple identification based reauthorization method
CN1988539B (en) * 2006-11-22 2010-06-23 夏团利 System and method for compensable sending classified content based on radio digital broadcast path
CN101102552B (en) * 2007-08-16 2012-12-19 中兴通讯股份有限公司 Update method and system for service secret key
CN101729247B (en) * 2008-10-22 2012-07-18 中兴通讯股份有限公司 Method and system for updating key
US9414031B2 (en) * 2008-11-26 2016-08-09 Echostar Technologies L.L.C. Account-specific encryption key
CN101605298B (en) * 2009-06-30 2012-07-04 中兴通讯股份有限公司 China mobile multimedia advertisement service playing method and playing device thereof
EP2317767A1 (en) * 2009-10-27 2011-05-04 Nagravision S.A. Method for accessing services by a user unit
CN102769796A (en) * 2011-05-05 2012-11-07 深圳创维数字技术股份有限公司 Set-top box, server and method and system for updating program information of set-top box
US9386009B1 (en) * 2011-11-03 2016-07-05 Mobile Iron, Inc. Secure identification string
US9693083B1 (en) * 2014-12-31 2017-06-27 The Directv Group, Inc. Systems and methods for controlling purchasing and/or reauthorization to access content using quick response codes and text messages
CN105491409B (en) * 2015-12-24 2019-01-08 北京腾锐视讯科技有限公司 Enhance CA system in a kind of digital television system
CN111246259A (en) * 2020-01-13 2020-06-05 詹良蓉 Broadcast encryption system based on zero knowledge proof
EP4207774A4 (en) * 2020-09-16 2023-10-11 Huawei Technologies Co., Ltd. Method for content transmission protection and related device
CN113542877B (en) * 2021-07-13 2023-05-05 四川长虹网络科技有限责任公司 PVR resource sharing method, PVR resource sharing system, computer equipment and storage medium

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112654039A (en) * 2019-09-25 2021-04-13 北京紫光青藤微系统有限公司 Terminal validity identification method, device and system
CN112654039B (en) * 2019-09-25 2024-03-01 紫光同芯微电子有限公司 Terminal validity identification method, device and system

Also Published As

Publication number Publication date
CN1725853A (en) 2006-01-25
EP1788811A1 (en) 2007-05-23
WO2006007796A1 (en) 2006-01-26
EP1788811A4 (en) 2008-05-07
DE602005018496D1 (en) 2010-02-04
ATE453291T1 (en) 2010-01-15
RU2007106454A (en) 2008-08-27
US20080201749A1 (en) 2008-08-21
CN100344160C (en) 2007-10-17
RU2351092C2 (en) 2009-03-27

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20070220

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LI LT LU LV MC NL PL PT RO SE SI SK TR

DAX Request for extension of the european patent (deleted)
A4 Supplementary search report drawn up and despatched

Effective date: 20080408

RIC1 Information provided on ipc code assigned before grant

Ipc: H04N 7/167 20060101ALI20080402BHEP

Ipc: H04N 7/173 20060101AFI20060222BHEP

17Q First examination report despatched

Effective date: 20080731

GRAP Despatch of communication of intention to grant a patent

Free format text: ORIGINAL CODE: EPIDOSNIGR1

GRAS Grant fee paid

Free format text: ORIGINAL CODE: EPIDOSNIGR3

GRAA (expected) grant

Free format text: ORIGINAL CODE: 0009210

AK Designated contracting states

Kind code of ref document: B1

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LI LT LU LV MC NL PL PT RO SE SI SK TR

REG Reference to a national code

Ref country code: GB

Ref legal event code: FG4D

REG Reference to a national code

Ref country code: CH

Ref legal event code: EP

REG Reference to a national code

Ref country code: IE

Ref legal event code: FG4D

REF Corresponds to:

Ref document number: 602005018496

Country of ref document: DE

Date of ref document: 20100204

Kind code of ref document: P

REG Reference to a national code

Ref country code: NL

Ref legal event code: VDEP

Effective date: 20091223

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: SE

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20091223

Ref country code: FI

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20091223

Ref country code: LT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20091223

LTIE Lt: invalidation of european patent or patent extension

Effective date: 20091223

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: PL

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20091223

Ref country code: LV

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20091223

Ref country code: SI

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20091223

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: AT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20091223

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: IS

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20100423

Ref country code: PT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20100423

Ref country code: NL

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20091223

Ref country code: EE

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20091223

Ref country code: RO

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20091223

Ref country code: ES

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20100403

Ref country code: BG

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20100323

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: CZ

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20091223

Ref country code: BE

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20091223

Ref country code: SK

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20091223

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: GR

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20100324

Ref country code: CY

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20091223

PLBE No opposition filed within time limit

Free format text: ORIGINAL CODE: 0009261

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: NO OPPOSITION FILED WITHIN TIME LIMIT

26N No opposition filed

Effective date: 20100924

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: DK

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20091223

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: MC

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20100731

REG Reference to a national code

Ref country code: CH

Ref legal event code: PL

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: IT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20091223

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: LI

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20100731

Ref country code: DE

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20110201

Ref country code: CH

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20100731

REG Reference to a national code

Ref country code: DE

Ref legal event code: R119

Ref document number: 602005018496

Country of ref document: DE

Effective date: 20110201

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: IE

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20100721

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: LU

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20100721

Ref country code: HU

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20100624

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: TR

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20091223

REG Reference to a national code

Ref country code: FR

Ref legal event code: PLFP

Year of fee payment: 12

REG Reference to a national code

Ref country code: FR

Ref legal event code: PLFP

Year of fee payment: 13

REG Reference to a national code

Ref country code: FR

Ref legal event code: PLFP

Year of fee payment: 14

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: FR

Payment date: 20230620

Year of fee payment: 19

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: GB

Payment date: 20230601

Year of fee payment: 19